An on-line service provider that provides a service over the Internet prepares various operation policies and technical means to prevent access from a malicious user who is highly likely to attack or do monetary damage to the service and facilities of the on-line service provider, thereby guaranteeing stable provision of the service. In general, many on-line service providers impose restrictions on illegal behaviors by blocking the accounts or access Internet Protocol (IP) addresses of malicious users. Further, an on-line service provider may limit its service to a specific region or country in view of the nature of the service. Under this policy, the on-line service provider extracts country information from the IP address of an accessing user. If the country information indicates a non-service region, the on-line service provider may deny the service to the user.
However, the on-line service user may circumvent the blocking and service denial technology by manipulating the user's IP address and information about the access region using a proxy server or a Virtual Private Network (VPN), against the operation policy of the on-line service provider. Various techniques related to bypass access to a Private Network (PN) are disclosed in the following cited non-patent documents (Non-Patent Document 1: Chul-Won, LEE, Whi-Kang, KIM, and Jong-In I M, A Study on Analysis and Control of Circumvent Connection to the Private Network of Corporation, Journal of the Korea Institute of Information Security and Cryptology 20 (6) 183-194, 2020). If a user adopts the circumventing technology, an on-line service provider may not block the user, posing a risk that the provider's service is not normally provided.
Various on-line transactions have been increased as a result of rapid advances in Internet technology. Stability and security should be guaranteed for the service operation. Accordingly, there is a need to develop an effective technique for detecting an illegal bypass access attempt from an on-line service user who uses a circumventing technology such as a proxy server or a VPN while hiding its location and access region in a network, when an on-line service is provided in the network.
Along with the development of Information Technology (IT) and the increase of leisure time, there have been increasing demands for using leisure time by the IT technology. In this context, the on-line game industry has been rapidly boosted. Recently, on-line games in which a plurality of connected on-line users play roles simultaneously in the same space, have gained much popularity.
Such an on-line game basically supports a chatting system in which a plurality of game users can make conversations with each other and it builds a guild or a clan as a community system that establishes a social relationship between game users so that the game users can enjoy the game. Therefore, a plurality of game users may play different roles, fulfill their missions, or exchange or trade items and game money required for the game, during battles in the game.
However, a malicious user steals an authorized user's account and illegally transacts the game asset of the authorized user such as items or game money, causing monetary damage and mental stress to the authorized user.
The following prior art methods are known for the prevention of account theft using log information about on-line games.
Korea Patent Publication No. 2011-0060847 (Patent Document 1), which was filed on Jun. 8, 2011, relates to a method and system for monitoring and cutting off an illegal electronic commerce. According to Patent Document 1, an illegal electronic commerce that would be considered to be a normal transaction by conventional security technology is monitored/detected, among all electronic transaction services over the Internet.
Korea Patent Publication No. 2010-0027836 (Patent Document 2), which was filed on Mar. 11, 2010, relates to an advanced web log preprocess method and system for a rule based web IDS system. According to Patent Document 2, the attack detection performance of a web IDS system is increased by performing a pre-process to provide an efficient search function regarding web log information, and at the same time, to increase the efficiency of rule-based attack detection regarding a large amount of log information generated by a web server.